Bert Hausmans
42a04e6cb3
- Add separate deployment pipeline (azure-pipelines-deploy.yml) for App Service deployment - Add advanced pipeline with deployment slots (azure-pipelines-slots.yml) - Restore azure-pipelines.yml to build-only (no deployment) - Add comprehensive Azure setup documentation: - AZURE-NEW-SUBSCRIPTION-SETUP.md: Complete step-by-step Azure resource setup - AZURE-RESOURCES-OVERVIEW.md: Quick reference for all Azure resources - AZURE-ACR-SHARED-SETUP.md: Guide for shared Container Registry - AZURE-ACR-NAMING-RECOMMENDATION.md: Naming recommendations for Zuyderland - AZURE-PIPELINE-DEPLOYMENT.md: Automated deployment setup guide - AZURE-PIPELINE-QUICK-REFERENCE.md: Quick reference for pipeline variables - AZURE-PIPELINES-USAGE.md: Guide for using build and deployment pipelines - Add setup script (scripts/setup-azure-resources.sh) for automated resource creation - Support for shared ACR across multiple applications
8.0 KiB
8.0 KiB
Azure Resources Overview
Quick reference of all Azure resources needed for CMDB Insight deployment.
📋 Resources Summary
| Resource Type | Resource Name | Purpose | SKU/Tier | Estimated Cost | Shared? |
|---|---|---|---|---|---|
| Resource Group | rg-cmdb-insight-prod |
Container for all resources | - | Free | No |
| Container Registry | yourcompanyacr |
Store Docker images (can be shared) | Basic/Standard | €5-20/month | ✅ Yes |
| PostgreSQL Database | cmdb-postgres-prod |
Production database | Standard_B1ms | €20-30/month | No |
| Key Vault | kv-cmdb-insight-prod |
Store secrets securely | Standard | €1-2/month | No |
| App Service Plan | plan-cmdb-insight-prod |
Hosting plan | B1 | €15-25/month | No |
| App Service (Backend) | cmdb-backend-prod |
Backend API | - | Included in plan | No |
| App Service (Frontend) | cmdb-frontend-prod |
Frontend web app | - | Included in plan | No |
| Application Insights | appi-cmdb-insight-prod |
Monitoring & logging | Basic | €0-5/month | No |
Total Estimated Cost: €41-82/month (depending on ACR tier and usage)
💡 Note: Container Registry can be shared across multiple applications. The repository name (cmdb-insight) separates this app from others. If you already have an ACR, reuse it to save costs!
🔗 Resource Dependencies
Resource Group (App-specific)
├── PostgreSQL Database
│ └── Stores: Application data
├── Key Vault
│ └── Stores: Secrets (JIRA tokens, passwords, etc.)
├── Application Insights
│ └── Monitors: Backend & Frontend apps
└── App Service Plan
├── Backend App Service
│ ├── Pulls from: Shared ACR (cmdb-insight/backend:latest)
│ ├── Connects to: PostgreSQL
│ ├── Reads from: Key Vault
│ └── Sends logs to: Application Insights
└── Frontend App Service
├── Pulls from: Shared ACR (cmdb-insight/frontend:latest)
└── Connects to: Backend App Service
Shared Resources (can be in separate resource group)
└── Container Registry (ACR) ← Shared across multiple applications
├── cmdb-insight/ ← This application
│ ├── backend:latest
│ └── frontend:latest
├── other-app/ ← Other applications
│ └── api:latest
└── shared-services/ ← Shared images
└── nginx:latest
🌐 Endpoints
After deployment, your application will be available at:
- Frontend:
https://cmdb-frontend-prod.azurewebsites.net - Backend API:
https://cmdb-backend-prod.azurewebsites.net/api - Health Check:
https://cmdb-backend-prod.azurewebsites.net/api/health
If custom domain is configured:
- Frontend:
https://cmdb.yourcompany.com - Backend API:
https://api.cmdb.yourcompany.com(or subdomain of your choice)
🔐 Required Secrets
These secrets should be stored in Azure Key Vault:
| Secret Name | Description | Example |
|---|---|---|
JiraPat |
Jira Personal Access Token (if using PAT auth) | ATATT3xFfGF0... |
SessionSecret |
Session encryption secret | a1b2c3d4e5f6... (32+ chars) |
JiraOAuthClientId |
Jira OAuth Client ID | OAuthClientId123 |
JiraOAuthClientSecret |
Jira OAuth Client Secret | OAuthSecret456 |
JiraSchemaId |
Jira Assets Schema ID | schema-123 |
DatabasePassword |
PostgreSQL admin password | SecurePassword123! |
📊 Resource Sizing Recommendations
For 20 Users (Current)
| Resource | Recommended SKU | Alternative |
|---|---|---|
| App Service Plan | B1 (1 vCore, 1.75GB RAM) | B2 if experiencing slowness |
| PostgreSQL | Standard_B1ms (1 vCore, 2GB RAM) | Standard_B2s for growth |
| Container Registry | Basic (10GB) | Standard for production |
| Key Vault | Standard | Standard (only option) |
For 50+ Users (Future Growth)
| Resource | Recommended SKU | Notes |
|---|---|---|
| App Service Plan | B2 or S1 | Better performance |
| PostgreSQL | Standard_B2s (2 vCores, 4GB RAM) | More concurrent connections |
| Container Registry | Standard (100GB) | More storage, geo-replication |
🔄 Update/Deployment Flow
- Code Changes → Push to repository
- CI/CD Pipeline → Builds Docker images
- Push to ACR → Images stored in Container Registry
- Restart App Services → Pulls new images from ACR
- Application Updates → New version live
Manual Deployment
# Restart apps to pull latest images
az webapp restart --name cmdb-backend-prod --resource-group rg-cmdb-insight-prod
az webapp restart --name cmdb-frontend-prod --resource-group rg-cmdb-insight-prod
🛡️ Security Configuration
Network Security
- HTTPS Only: Enabled on both App Services
- Database Firewall: Restricted to Azure services (can be further restricted)
- Key Vault Access: Managed Identity only (no shared keys)
Authentication
- App Services: Managed Identity for ACR and Key Vault access
- Database: Username/password (stored in Key Vault)
- Application: Jira OAuth 2.0 or Personal Access Token
📈 Monitoring & Logging
Application Insights
- Metrics: Response times, request rates, errors
- Logs: Application logs, exceptions, traces
- Alerts: Configured for downtime, errors, performance issues
Access Logs
# Backend logs
az webapp log tail --name cmdb-backend-prod --resource-group rg-cmdb-insight-prod
# Frontend logs
az webapp log tail --name cmdb-frontend-prod --resource-group rg-cmdb-insight-prod
🔧 Configuration Files
Environment Variables (Backend)
NODE_ENV=productionPORT=3001DATABASE_TYPE=postgresDATABASE_URL(from Key Vault)JIRA_HOST=https://jira.zuyderland.nlJIRA_AUTH_METHOD=oauthJIRA_OAUTH_CLIENT_ID(from Key Vault)JIRA_OAUTH_CLIENT_SECRET(from Key Vault)JIRA_OAUTH_CALLBACK_URLJIRA_SCHEMA_ID(from Key Vault)SESSION_SECRET(from Key Vault)FRONTEND_URLAPPINSIGHTS_INSTRUMENTATIONKEY
Environment Variables (Frontend)
VITE_API_URL(points to backend API)
🗑️ Cleanup (If Needed)
To delete all resources:
# Delete entire resource group (deletes all resources)
az group delete --name rg-cmdb-insight-prod --yes --no-wait
# Or delete individual resources
az acr delete --name cmdbinsightacr --resource-group rg-cmdb-insight-prod
az postgres flexible-server delete --name cmdb-postgres-prod --resource-group rg-cmdb-insight-prod
az keyvault delete --name kv-cmdb-insight-prod --resource-group rg-cmdb-insight-prod
az appservice plan delete --name plan-cmdb-insight-prod --resource-group rg-cmdb-insight-prod
⚠️ Warning: This will permanently delete all resources and data. Make sure you have backups if needed.
📞 Quick Commands Reference
# Set variables
RESOURCE_GROUP="rg-cmdb-insight-prod"
BACKEND_APP="cmdb-backend-prod"
FRONTEND_APP="cmdb-frontend-prod"
# Check app status
az webapp show --name $BACKEND_APP --resource-group $RESOURCE_GROUP --query state
# View logs
az webapp log tail --name $BACKEND_APP --resource-group $RESOURCE_GROUP
# Restart apps
az webapp restart --name $BACKEND_APP --resource-group $RESOURCE_GROUP
az webapp restart --name $FRONTEND_APP --resource-group $RESOURCE_GROUP
# List all resources
az resource list --resource-group $RESOURCE_GROUP --output table
# Get app URLs
echo "Frontend: https://${FRONTEND_APP}.azurewebsites.net"
echo "Backend: https://${BACKEND_APP}.azurewebsites.net/api"
📚 Related Documentation
AZURE-NEW-SUBSCRIPTION-SETUP.md- Complete step-by-step setup guideAZURE-APP-SERVICE-DEPLOYMENT.md- Detailed App Service deploymentAZURE-CONTAINER-REGISTRY.md- ACR setup and usageAZURE-QUICK-REFERENCE.md- Quick reference guidePRODUCTION-DEPLOYMENT.md- General production deployment
Last Updated: 2025-01-21